1. What are the three fundamental elements of an effective security program for information systems?
2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources?
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what types of access controls and permissions are probably configured?
4. What is the mechanism on a Windows server that lets you administer granular policies and permissions on a Windows network using role-based access?
5. What is two-factor authentication, and why is it an effective access control technique?
6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data.
7. Is it a good practice to include the account or username in the password? Why or why not?

Solution

Answer:

1. Identification, authentication, and authorization are the three fundamental elements of an effective security program for information systems.
2. Authentication and authorization are the two elements used by the Domain User Admin to create users and assign rights to resources.
3. Read and write permissions should be properly configured. The file access type should be set to read only.
4. Group Policy Editor is used to administer granular policies and permissions on a Windows network using role-based access.
5. Two-factor authentication is a process that requires two different types of identification, such as an ID card and a PIN code or password. The user must authenticate with two forms of ID to prove their identity, so it is effective.
6. In Windows Server 2008 R2, permissions can be set for files and folders to grant a user access only to files owned by him and prevent him from accessing any others.
7. Including the account or username in the password is absolutely not a good or suggested practice. It is a common starting place for hackers when attempting to log in to someone’s account or when trying to use another person’s access.